Opened 8 years ago

Closed 8 years ago

#8208 closed enhancement (fixed)

libksba-1.3.5

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 7.10
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New security-oriented release.

2016-08-22  Werner Koch  <wk@gnupg.org>

	Release 1.3.5.
	* configure.ac: Set LT version to C19/A/11/R6.

	Use size_t for the result of fread.
	* src/reader.c (ksba_reader_read): Make 'n' a size_t.

	Limit allocation in the BER decoder to 16 MiB.
	* src/ber-decoder.c (MAX_IMAGE_LENGTH): New.
	(decoder_next): Limit allocation to MAX_IMAGE_LENGTH.
	(_ksba_ber_decoder_dump, _ksba_ber_decoder_decode): Ditto.

2016-07-17  Tomáš Trnka  <tomastrnka@gmx.com>

	Encode OCSP nonce value as an octet string (RFC 6960)
	* src/ocsp.c (ksba_ocsp_set_nonce): Stop removing the sign bit.
	(write_request_extensions): Encode nonce as octet string.
	(parse_response_extensions): Decode nonce as octet string.

2016-07-13  Werner Koch  <wk@gnupg.org>

	build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
	* build-aux/config.guess: Update.
	* build-aux/config.sub: Update.

2016-06-27  Werner Koch  <wk@gnupg.org>

	tests: Fix a memory leak.
	* tests/t-oid.c (test_oid_to_str): Free STR.

	Use modern error macros and fix a missing assignment.
	* src/ocsp.c: Remove errno.h.  Replace gpg_error_from_errno(errno) by
	gpg_error_from_syserror ().
	(parse_response): Ditto.  Return directly because a static analyzer may
	not grasp that gpg_error_from_syserror will never return false.
	(ksba_ocsp_get_responder_id): Actually return an error for NO_DATA.

	Detect invalid RDN names and avoid a read from uninitialized variable.
	* src/dn.c (parse_rdn): Bail out for an invalid name.

2016-05-25  Werner Koch  <wk@gnupg.org>
	    Pascal Cuoq  <cuoq@trust-in-soft.com>

	Fix OOB read in parse_distribution_point.
	* src/cert.c (parse_distribution_point): Check TI.length.

2016-05-11  Werner Koch  <wk@gnupg.org>

	Make sure that ASN.1 data is stored in an all-initialized buffer.
	* src/ber-decoder.c (decoder_next): Clear the image buffer.

See thread at:

http://www.openwall.com/lists/oss-security/2016/08/20/3
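The allocation cap and length checks named in the ChangeLog entries above, as an added example in C that is not libksba's code: a minimal BER TLV header decoder that rejects a declared length beyond 16 MiB or beyond the bytes actually present, and copies the content into a zeroed buffer. The function names, the single-byte-tag restriction and the sample encodings are assumptions of this example.

```c
/* Added example, not libksba's code: a bounded BER header decoder with the
 * checks behind the 1.3.5 fixes (16 MiB cap, length vs. bytes present, zeroed buffer). */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MAX_IMAGE_LENGTH (16 * 1024 * 1024)  /* the cap the ChangeLog names */
/* Parse one definite-length BER TLV header from buf[0..buflen). Returns 0 and
 * fills tag/hdrlen/len, or -1 for indefinite, oversized or truncated data. */
int ber_tlv_header(const unsigned char *buf, size_t buflen,
                   unsigned *tag, size_t *hdrlen, size_t *len)
{
    size_t i = 0, n, value = 0;
    if (buflen < 2)
        return -1;
    *tag = buf[i++];
    if ((*tag & 0x1f) == 0x1f)              /* multi-byte tag: not handled */
        return -1;
    if (buf[i] < 0x80) {                    /* short form: one length byte */
        value = buf[i++];
    } else {                                /* long form: n length bytes */
        n = buf[i++] & 0x7f;
        if (n == 0 || n > sizeof(size_t))   /* 0x80 = indefinite; too wide */
            return -1;
        if (n > buflen - i)                 /* length bytes are truncated */
            return -1;
        while (n--)
            value = (value << 8) | buf[i++];
    }
    if (value > MAX_IMAGE_LENGTH)           /* allocation cap */
        return -1;
    if (value > buflen - i)                 /* declared length past the end */
        return -1;
    *hdrlen = i;
    *len = value;
    return 0;
}

/* Copy the content octets into a calloc'ed (zeroed) buffer; caller frees. */
unsigned char *ber_tlv_copy_value(const unsigned char *buf, size_t buflen,
                                  size_t *len)
{
    unsigned tag; size_t hdr; unsigned char *out;
    if (ber_tlv_header(buf, buflen, &tag, &hdr, len) != 0)
        return NULL;
    out = calloc(*len ? *len : 1, 1);       /* never hand out uninitialized bytes */
    if (out)
        memcpy(out, buf + hdr, *len);
    return out;
}
```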

Change History (3)

comment:1 by Douglas R. Reno, 8 years ago

Milestone: 7.11 → 7.10
Priority: normal → high

Allowing into 7.10 barring objection.

comment:2 by Douglas R. Reno, 8 years ago

Owner: changed from blfs-book@… to Douglas R. Reno
Status: new → assigned

I'll need this as part of Gcr / libsecret - Coming next after Gstreamer.

comment:3 by Douglas R. Reno, 8 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r17681
